OpenID stuff

Started by RobbieThe1st, October 20, 2008, 01:00:28 AM


RobbieThe1st

I need some help testing my OpenID login script.
http://robbiethe1st.afraid.org/pf/openid.php
Try to login with it, and tell me what happens.
Note that if you have a Yahoo account or Gmail account or an account at one of many other sites, you have an OpenID - You just need to find the OpenID ID. Googling for it helps.
Yahoo members click Here
Gmail members click Here
MyOpenId (openID provider)
OpenID.org (openID provider)


For developers:
This page is an awesome tutorial on how to use OpenID, and how to simply implement it with no special libraries.

Old, obsolete post:
Quote
Ok, so I have some webpages that need authentication (admin pages and such). I decided, instead of what I used to do, which was basically have a text-database with usernames & password-hashes, I would try to use OpenID to do the same thing. I start reading up on it... and I can't make heads or tails out of it.

What I want to do is have a login page with OpenID and Password boxes. You click submit, and it checks the OpenID against a local list of known/registered OpenIDs. Then, if the OpenID is a valid one, it contacts the OpenID server (Yes, I know that the information is part of the OpenID) with the password, and, I am hoping, gets a response if that OpenID/password is a valid combination - I.E. the password entered is correct.

I can do the first bit, but have no clue about how to contact the OpenID server chosen with the password and get a response, or even if what I want to do is possible.

The list of authenticated users I plan on updating manually.

Anyone know where I should start, or even know what I am talking about?

Thanks,


-RobbieThe1st

Pasteris.ttf <- Pasteris is the font used for text in DMFA.

RobbieThe1st

Please delete this post

-RobbieThe1st

Pasteris.ttf <- Pasteris is the font used for text in DMFA.

llearch n'n'daCorna

Thanks for all the images | Unofficial DMFA IRC server
"We found Scientology!" -- The Bad Idea Bears

Gabi

A login script? It sounds like it could very easily be used for stealing people's passwords. What's its purpose?
~~ Gabi a.k.a. Gliynn Starseed, APF ~~
Thanks to Silver for the yappities, and to everyone for being so great!
(12:28:12) llearch: Gabi is equal-opportunity friendly

superluser

Quote from: Gabi on October 29, 2008, 08:48:49 AM
A login script? It sounds like it could very easily be used for stealing people's passwords. What's its purpose?

http://en.wikipedia.org/wiki/Openid

I haven't read it yet, but I'm sure it explains what it's for.


Would you like a googolplex (gzipped 57 times)?

llearch n'n'daCorna

I believe, superluser, that Gabi was querying what Robbie's script was for... not what OpenID is for... ;-]
Thanks for all the images | Unofficial DMFA IRC server
"We found Scientology!" -- The Bad Idea Bears

RobbieThe1st

The whole idea behind OpenID is that a third party site, like mine, would *not* ever have access to your password. Your password and authentication is all done by your OpenID Provider.

This is just a script I am working on that I can attach to anything needing security - I simply provide it with a list of approved OpenIDs, and it takes care of the login process.


-RobbieThe1st

Pasteris.ttf <- Pasteris is the font used for text in DMFA.
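The approved-list check described in the post above, as an added Python example (not RobbieThe1st's script, and not code from this thread). It assumes the identifier passed in is the claimed ID from an assertion the site has already verified with the OpenID Provider; the function names and sample identifiers are constructed for illustration, and XRI identifiers and redirect-following discovery are left out.

```python
from urllib.parse import urlsplit, urlunsplit

XRI_PREFIXES = "=@+$!("          # XRI global context symbols (OpenID 2.0, 7.2)
DEFAULT_PORTS = {"http": 80, "https": 443}

def normalize_openid(identifier: str) -> str:
    """Normalize a URL-form OpenID so equal identifiers compare equal."""
    ident = identifier.strip()
    if not ident:
        raise ValueError("empty identifier")
    if ident.lower().startswith("xri://") or ident[0] in XRI_PREFIXES:
        raise ValueError("XRI identifiers are not handled in this example")
    if "://" not in ident:
        ident = "http://" + ident          # bare host/path defaults to http
    parts = urlsplit(ident)                # scheme is lowercased by urlsplit
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("not an http(s) OpenID URL")
    if parts.username or parts.password:
        raise ValueError("userinfo is not allowed in an OpenID URL")
    host = parts.hostname                  # already lowercased
    port = parts.port                      # raises ValueError if not numeric
    if port not in (None, DEFAULT_PORTS[parts.scheme]):
        host = f"{host}:{port}"
    # Empty path becomes "/", fragment is dropped, path case is preserved.
    return urlunsplit((parts.scheme, host, parts.path or "/", parts.query, ""))

def is_approved(verified_claimed_id: str, approved: list[str]) -> bool:
    """True only if the verified claimed ID exactly matches an approved one.

    The password never reaches this code: the provider authenticates the
    user, and this site only decides whether that identity may enter.
    """
    try:
        candidate = normalize_openid(verified_claimed_id)
    except ValueError:
        return False
    return candidate in {normalize_openid(a) for a in approved}

# Constructed allowlist, as a site operator might maintain it by hand.
APPROVED = ["alice.example.org", "https://id.example.net/bob"]

if __name__ == "__main__":
    for claimed in ("http://Alice.Example.org",
                    "http://alice.example.org.evil.example/",
                    "http://id.example.net/bob"):
        print(claimed, "->", is_approved(claimed, APPROVED))
```

Exact matching after normalization is what keeps a look-alike host, or the plain-http form of an https identifier, from passing as an approved user.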

superluser

Quote from: RobbieThe1st on October 30, 2008, 11:04:14 PM
The whole idea behind OpenID is that a third party site, like mine, would *not* ever have access to your password. Your password and authentication is all done by your OpenID Provider.

Does that mean I'm not crazy, then?  Because, based on the name, I was pretty sure that that's what this was, and that knowing what OpenID was would answer Gabi's question.


Would you like a googolplex (gzipped 57 times)?

Gabi

Well, I've had an OpenID from myopenid.com for well over a year (before I got a new one by getting a LiveJournal account, and now that Yahoo and Gmail are using them too I have 4), so I did know about it. I was, indeed, asking what Robbie's script was for.  And I asked the question before I saw the form.

Yes, superluser, you can phish and use OpenID at the same time, it all depends on how you build the form.

Quote
Your login completed successfully.
OpenID: gabi.myopenid.com
Nickname:
~~ Gabi a.k.a. Gliynn Starseed, APF ~~
Thanks to Silver for the yappities, and to everyone for being so great!
(12:28:12) llearch: Gabi is equal-opportunity friendly